Container Days London

While we’re trained to scan for CVEs, traditional tools often miss active malware like typosquatting or dependency confusion. This session introduces the OpenSSF Malicious Packages project to bridge this gap, offering hands-on Kubernetes security insights and code snippets you can use today. You’ll learn the critical differences between vulnerabilities and malware, how the project catalogs widespread attacks, and how to leverage its API and OSV data to automate your security checks and detect active threats in your running containers.

Stop prioritizing CVEs by CVSS score alone; it’s a losing game that leads to burnout while leaving you exposed to the risks that actually matter. This session provides a practical field guide to context-aware vulnerability management, shifting the focus from theoretical severity to realistic exploitability. By combining critical data points like EPSS, CISA KEV, and ExploitDB, you’ll move past the noise to gain actionable intelligence.

Stop by Cloudsmith’s booth and learn to secure your artifacts using a Raspberry Pi. Attendees who complete the activity on the Pi will receive a raffle ticket to enter to win their very own Raspberry Pi Desktop Set!